This policy explains what data we collect, why we collect it, and how we use it when you use Phenoble Agent ("the Service") provided by Phenoble Software. We do not sell your personal data or your Salesforce data to any third party.
1. Who We Are
Phenoble Agent is a product of Phenoble Software, a software company that builds AI-powered tools for Salesforce teams. References to "Phenoble", "we", "us", or "our" in this policy refer to Phenoble Software.
Our product website is salesforce.phenoble.com.
2. Information We Collect
Account information
- Name and email address when you sign up
- Password (stored as a bcrypt hash; we never store your plain-text password)
- Optional: Google account details if you sign in with Google OAuth
Salesforce connection data
- Your Salesforce org instance URL and connected user ID
- OAuth refresh token (encrypted at rest using AES-256-CBC)
- We do not store the Salesforce access token; it is fetched fresh per request and discarded after use
Chat and query data
- The natural language questions you type into the chat interface
- The SOQL queries generated and the results returned to you
- Chat session history (so your conversations persist across sessions)
Usage data
- Number of queries used (for free plan limit enforcement)
- Token usage for AI model calls
- Server request logs (IP address, timestamp, endpoint), retained for 30 days
Cookies
- We use one HTTP-only, secure session cookie to keep you logged in
- We do not use advertising cookies or third-party tracking cookies
3. How We Use Your Information
- To authenticate you and maintain your account
- To connect to your Salesforce org on your behalf and execute queries you request
- To persist your chat history and query results for your own access
- To enforce free plan query limits
- To send you product-related emails (account confirmation, password reset, service updates)
- To improve the Service: we may review anonymised query patterns to identify where the AI performs poorly
We do not use your data for advertising. We do not profile you for third-party marketing.
4. Your Salesforce Data
When you ask a question, Phenoble queries your Salesforce org using your credentials and returns the result to you. We do not retain Salesforce record data beyond what is stored in your chat history.
We do not sync, export, or store your Salesforce records in any separate database. Your Salesforce data stays in your Salesforce org. The only Salesforce data stored by Phenoble is the text of query results inside your chat history, visible only to you.
Your Salesforce refresh token is encrypted using AES-256-CBC with a server-side encryption key. It is used only to obtain a short-lived access token per request and is never transmitted to any third party.
5. Third-Party Services
We use the following third-party services to operate the Service:
- OpenAI: Your natural language questions and the context needed to answer them (e.g., Salesforce object field names) are sent to OpenAI's API to generate SOQL queries and responses. OpenAI processes this data under their own Privacy Policy. We do not send raw Salesforce record data to OpenAI; only field schema context and your typed question.
- Google Cloud Platform: The Service is hosted on Google Cloud (us-central1). Data is processed and stored within GCP infrastructure.
- Salesforce: We connect to Salesforce APIs using your OAuth credentials. Salesforce's own privacy policy governs the data stored in your Salesforce org.
6. Data Retention
- Account data is retained for as long as your account is active
- Chat history is retained until you delete it or delete your account
- Server request logs are retained for 30 days
- On account deletion, we delete your account data, chat history, and stored Salesforce credentials within 30 days
7. Your Rights
You have the right to:
- Access: request a copy of the personal data we hold about you
- Correction: ask us to correct inaccurate data
- Deletion: request deletion of your account and associated data
- Portability: request your data in a portable format
- Withdraw consent: disconnect your Salesforce org at any time from the Dashboard; this immediately removes your stored credentials
To exercise any of these rights, email us at sales@phenoble.com. We will respond within 30 days.
8. Security
We implement industry-standard security measures including HTTPS-only transport, HTTP-only cookies, AES-256-CBC encryption for stored credentials, bcrypt password hashing, and rate limiting on all API endpoints. However, no system is 100% secure. If you discover a security issue, please report it responsibly to security@phenoble.com.
9. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at sales@phenoble.com and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you by email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.